package com.education.teacher.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import com.alibaba.dubbo.config.annotation.Reference;
import com.education.model.ResultDo;
import com.education.model.TeacherLoginModel;
import com.education.model.User;
import com.education.service.ITeacherLoginService;

/**
 * 教师登陆控制层
 *
 * @author 杨振欣
 *
 */
@Controller
public class TeacherLogin {
	@Reference
	private ITeacherLoginService teacherLoginService;


	private static Logger logger= LogManager.getLogger(TeacherLogin.class);

	/**
	 * @param request
	 *            请求错误信息
	 * @return 返回视图
	 * @throws Exception
	 *             抛出认证异常
	 */
	@ResponseBody
	@RequestMapping(value = "/teacherlogin", method = RequestMethod.POST)
	public ResultDo<Object> teacherLogin(@RequestBody User user,HttpServletRequest request) throws Exception {
		HttpSession session=request.getSession();
		ResultDo<Object> rs = new ResultDo<>();
		UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
		try {
			SecurityUtils.getSubject().login(token);

		} catch (UnknownAccountException e) {
			rs.setResCode(100);
			rs.setResMsg("用户名不存在");
			return rs;
		} catch (IncorrectCredentialsException e) {
			rs.setResCode(100);
			rs.setResMsg("用户名/密码错误");
			return rs;
		}
		TeacherLoginModel teachermodel = teacherLoginService.teacherlogin(Integer.parseInt(user.getUsername()));
		ResultDo<Object> rss = new ResultDo<>();
		rss.setResCode(0);
		user.setPassword("");
		user.setRoleId(teachermodel.getRoleId());
		rss.setResData(user);
		session.setAttribute("teacherId", user.getUsername());

		logger.debug("教师id"+session.getAttribute("teacherId"));

		return rss;
	}

	/**
	 * @return ResultDo<Object> 返回成功的登录信息
	 */
	@ResponseBody
	@RequestMapping(value = "/teacherlogout", method = RequestMethod.POST)
	public ResultDo<Object> successLogin() {
		ResultDo<Object> rs = new ResultDo<Object>();
		Subject subject = SecurityUtils.getSubject();
		if (subject.isAuthenticated()) {
			subject.logout();
			rs.setResCode(0);
			return rs;
		}
		rs.setResCode(100);
		rs.setResMsg("退出失败");
		return rs;
	}

	/**
	 * 将shrio的未登陆的请求转向此处
	 * 2017/8/17 新增 by 雷紫辉
	 * @return 返回http 401 错误
	 */
	@RequestMapping(path = "/unLogin")
	@ResponseBody
	@ResponseStatus(reason = "You are not allowed to access this URL",value = HttpStatus.UNAUTHORIZED)//401
	public ResultDo<?> unLogin(){
		return new ResultDo<>(401,"未登录或者登陆状态过期");
	}
}
